If we could all be just a little more sceptical, we’d be safer, and the internet could be a more trustworthy place.
A message pops up on your computer, warning you that malware has been detected.
What do you do?
The answer is not as clear as you might think.
In fact, no matter what you choose to do, it could be the wrong thing, depending on the circumstances.
Your trust is a commodity
It is no secret that scammers actively prey on the trusting.
But it’s not just scamming artists who abuse our good nature and desire to trust. People prefer to trust the people they meet every day.
Hackers, malware authors, over-aggressive salespeople – anyone who wants something – know that. They are often skilled at using your trust against your best interests.
Consider that warning message that popped up… Warning: malware detected, click to remove…
A pop-up message telling you there is malware on your machine is no big surprise to most people. With the constant barrage of news reports about hacks and malware and the ongoing emphasis on anti-malware tools, it is no surprise that belief might be your first response when such a message appears.
“Malware? Well, it happens to so many people, it’s no surprise that it happened to me!”
Except … it might not have.
Not yet, anyway.
That message might be completely fake. It could be counting on you to trust that it is legitimate, and then click on it to take further action. And that “further action” could install malware, or worse.
Or, it could be legitimate.
What do you do?
Unable to deliver package, details attached…
You have probably received email – important-looking email – that indicates there’s a package on its way to you, and the details are in an attached file.
Your online email provider has detected a problem with your account, and you need to check something by clicking on the conveniently offered link.
I have even received an email from PayPal saying that access to my account had been “limited” because of suspicious activity. I needed to log in to provide more information – once again, using the provided link.
In each case, the sender wants you to trust them and take whatever action they have recommended in their message, be it examining the contents of an attached file, clicking a provided link to their web site, redeeming a contest prize, or even replying to the email with sensitive information.
Abusing your trust in this manner is now one of the most effective ways to distribute malware.
And yet, each one of those scenarios could, in some cases, also be legitimate.
What do you do?
I am from Microsoft, and we have detected….
You are working on your computer one afternoon and you get a phone call from someone who says they work for Microsoft, and they have detected that your computer is causing many errors on the internet. They offer to walk you through some steps to show this to you, and indeed, there do seem to be lots of unexplained errors right there on your computer.
Then they offer to fix it for you if you will just go to a site and type in a few numbers that they recite to you.
Those errors are scary looking, and you certainly don’t understand them.
What do you do?
A new variation to the scam caller that is being used is a pop-up that fills your entire screen, usually a red background because red means danger and they want you to feel intimidated, with a message stating that malware has been detected on your computer and that you should call Microsoft or Windows immediately on the offered 1800 number.
What you do: get sceptical
Sceptic: a person who has or shows doubt about something – Merriam Webster
If there were one skill I could magically impress upon all my friends and clients… hell, on the entire technology-using, internet-loving universe – it would be the skill of healthy scepticism.
I do not mean that you believe nothing and trust no one. I simply mean that you question before you believe, and ask yourself questions before you trust what is being offered/said to you.
Truly, being sceptical is really the only solution to the scenarios I have outlined above.
- In each case, it is critical that you not blindly trust the information presented to you.
- In each case, you must question whether the person or company at the other end of the message actually has your best interests in mind.
- Is the story they are telling accurate? Verifiably correct? Do you know – beyond a doubt – that they are who they say they are?
If the answer to any of those questions is “no,” or even “I’m not sure”, then stop. Stop and take whatever added steps make sense to confirm that what you’re being told is legitimate. It might mean some internet research, calling them back, or asking a trusted friend or resource for their opinion.
But if you are not sure, question everything.
Be more sceptical: it’s one skill that can help prevent disasters before they happen, and keep you and your technology safe.
Nullius in Verba – “Take nobody’s word for it.”
It is more than just technology
Naturally, my plea for being sceptical and that you “question everything” is about far more than just the technology you have sitting in front of you.
As I have written about before, an amazing amount of information we are shown each day is completely bogus – or at least nuanced and presented in such a way as to cause you to believe that things are other than what they truly are.
Add to that our natural tendency to believe that which supports what we already believe (known as the “echo chamber “), and it’s exceptionally easy to be misled and misinformed.
The solution stays the same:
…even things you already believe are true.